Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2daf9f0a1efeddf61ad131bb0ad55057_JaffaCakes118
-
Size
334KB
-
Sample
240708-y6zf2sxbnn
-
MD5
2daf9f0a1efeddf61ad131bb0ad55057
-
SHA1
902658788b2471393bf8129d86323b15ce9b344d
-
SHA256
b47cba80a43f6f817aac64184597d953e86f8000460b2185ae0751509ab335eb
-
SHA512
8ef3b4352891ecf99809ea45220bb89bc21042b7a68772912d901bdaca82290abb11ab9748dc9d269cb5ba245a501f0862c7ff3c7587a9438947778e08c3f8f2
-
SSDEEP
6144:QISpMp5s2xhZMaJTXPiap/ZMiPC0i7r4JdqJ8+RPGgmT5xNxESkO+bY:jS2NXZvt6aTMR7rIdqJrRMXEPOH
Static task
static1
Behavioral task
behavioral1
Sample
Boleto-10-2011.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Boleto-10-2011.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
Boleto-10-2011.com
-
Size
353KB
-
MD5
681abf81004f57b2930a7fade361c160
-
SHA1
43707fceb0fda0045e2ad1522375f66a25a9a5ad
-
SHA256
7e07c36e47c45f16faf8f41e4805396dc99445a3c563258d9a6ed65b638e073a
-
SHA512
15ad726644ffb33279afe2beef362de6f077247e6487b589bcffebb45ab00608286448d0d02c16ef4c3c486dee374e9fc95988641f3c4702be7e442494178585
-
SSDEEP
6144:uAkg2vhVMaJTXPiap/ZMUxgdUCxlZn+aC1meyUGimMxSkOZbX:u02ZVvx6aTMLX/5W1meyUGp8POt
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1